
Research and Implementation of P2P Botnet Detection Technology

Published: 2018-10-26 10:46
[Abstract]: A P2P botnet is a network of malicious programs that pass commands through direct interaction and can both initiate and respond to requests. Research into P2P botnet detection discovers the network communication topology of a P2P botnet's command-and-control relationships and uses a community discovery algorithm to detect the likely P2P botnet nodes in a network, which provides valuable information for attacking, defending against, and making use of P2P botnets. This thesis studies P2P botnet detection technology and designs and implements a prototype system. The main work is as follows:

1. It analyzes the state of P2P botnet research in China and abroad and points out a problem with current work: existing P2P botnet detection techniques are mainly used to detect whether a bot process exists or whether traffic is botnet traffic, and do not detect on the basis of the command-and-control relationships between botnet nodes.

2. It gives a solution for detecting P2P botnets. It clarifies the concepts related to P2P botnet structure, gives the typical features of P2P botnets in light of the project requirements, and runs the detection algorithm according to these features.

3. It gives a P2P botnet detection algorithm. The algorithm extracts the input network datagrams into network flows, filters the data, determines the command-and-control flows (which correspond to command-and-control relationships), derives the command-and-control network communication topology from them, and finally detects the botnet with a community discovery algorithm. The thesis describes the principle of each algorithm in detail and analyzes its characteristics and time complexity.

4. It designs and implements a prototype P2P botnet detection system. Experiments and analysis of the results show that the community-discovery-based detection algorithm proposed in the thesis can detect P2P botnets and achieves a relatively high hit rate.
[Degree-granting institution]: Beihang University
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08
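
The pipeline the abstract outlines (packets to flows, filtering, communication topology, community discovery), as an added sketch that is not the thesis's own algorithm. The port filter, the weighted label propagation, the density threshold and all addresses are assumptions made for illustration; the page does not state which criteria or community algorithm the thesis uses.

```python
from collections import Counter, defaultdict
from itertools import combinations
# Constructed sample traffic, one tuple per packet: (src, dst, sport, dport, proto, bytes).
BOTS = ["10.0.0.11", "10.0.0.12", "10.0.0.13", "10.0.0.14"]
CLIENTS = ["10.0.0.21", "10.0.0.22", "10.0.0.23"]
PACKETS = 2 * (
    [(a, b, 40000 + k, 7000, "udp", 90) for a, b in combinations(BOTS, 2) for k in range(3)]
    + [(c, "10.0.0.80", 50000 + k, 443, "tcp", 1200) for c in CLIENTS for k in range(2)]
    + [("10.0.0.14", "10.0.0.80", 51000, 443, "tcp", 1200)]  # mesh peer also uses the server
    + [("10.0.0.21", "8.8.8.8", 53000, 53, "udp", 60)])      # DNS lookup, filtered out below

def to_flows(packets):
    """Aggregate packets into flows: 5-tuple -> [packet count, byte count]."""
    flows = defaultdict(lambda: [0, 0])
    for *key, size in packets:
        flows[tuple(key)][0] += 1
        flows[tuple(key)][1] += size
    return flows

def build_graph(flows, ignore_ports=(53,)):
    """Drop filtered flows (assumed rule); weight each host pair by its remaining flow count."""
    graph = defaultdict(Counter)
    for src, dst, _sport, dport, _proto in flows:
        if dport not in ignore_ports:
            graph[src][dst] += 1
            graph[dst][src] += 1
    return graph

def communities(graph, max_rounds=20):
    """Weighted label propagation in fixed node order; a node keeps its label on ties."""
    labels = {n: n for n in graph}
    for _ in range(max_rounds):
        before = dict(labels)
        for node in sorted(graph):
            score = Counter()
            for nbr, weight in graph[node].items():
                score[labels[nbr]] += weight
            top = max(score.values())
            if score[labels[node]] < top:
                labels[node] = min(l for l, s in score.items() if s == top)
        if labels == before:
            break
    return [sorted(n for n in labels if labels[n] == l) for l in sorted(set(labels.values()))]

def suspicious(graph, groups, min_size=3, min_density=0.8):
    """Flag communities whose members contact almost all of each other (mesh, not star)."""
    def density(g):
        return sum(b in graph[a] for a, b in combinations(g, 2)) / (len(g) * (len(g) - 1) / 2)
    return [g for g in groups if len(g) >= min_size and density(g) >= min_density]
```

On the constructed traffic, the client/server star forms its own community with density 0.5 and is not flagged, even though one mesh peer also talks to the server.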



